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DETAILED ACTION 

1 . Claims 1-27 remain for examination. The correspondence filed 7/25/07 amended 
claims 1, 21, and 27. 

Response to Arguments 

2. Except as discussed below, Applicant's arguments filed 7/25/07 have been fully 
considered but they are moot in view of the new grounds of rejection. 

3. With respect to Applicant's arguments against the rejection of claim 27 under 35 
use 101, it is observed that that Applicant did not traverse the additional reasoning on 
page 5 of the Office Action of 4/25/07, wherein the claim was observed to lack the 
requisite functionality to satisfy the practical application requirement. In other words, 
the claim is directed to a computer-readable medium that contains a program for a 
computer on it; however, said computer readable medium does not actually perform or 
implement the method contained therein. This is confirmed by the instant specification 
on page 21, lines 12-24, which includes the following: "The computer readable program 
code means is operable, in conjunction with a computer system, to carry out all or 
some of the steps to perform the methods or create the apparatuses discussed herein." 
(lines 15-17, with emphasis added). The claimed computer-readable medium therefore 
does not possess any utility in and of itself, and so the claim must be amended to 
account for the additional components required to realize the claimed functionality. It is 
additionally observed that the instant specification also allows for the computer-readable 
medium may be realized as non-statutory embodiments, including but not limited to the 
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transmission media listed on page 21, lines 19-21. These embodiments are merely 
signals - forms of energy - that do not conform to any of the statutory classes of 
invention. Moreover, the Supreme Court has read the tenn "manufacture" in 
accordance with its dictionary definition to mean "the production of articles for use from 
raw or prepared materials by giving to these materials new forms, qualities, properties, 
or combinations, whether by hand-labor or by machinery." Diamond v. Chakrabarty, 447 
U.S. 303, 308, 206 USPQ 193, 196-97 (1980) (quoting American Fruit Growers, Inc. v. 
Brogdex Co., 283 U.S. 1,11,8 USPQ 131, 133 (1931), which, in turn, quotes the 
Century Dictionary). Other courts have applied similar definitions. See American 
Disappearing Bed Co. v. Amaelsteen, 182 F. 324, 325 (9th Cir. 1910). cert, denied, 220 
U.S. 622 (191 1). These definitions require physical substance, which the claimed signal 
embodiments do not have. Applicant is thus additionally required to amend the claim to 
preclude the non-statutory embodiments by stipulating that the article of manufacture be 
physical in nature (such as the recordable media on page 21, line 18) or, in the 
alternative, amend the specification to remove the non-statutory definition(s) of 
"computer-readable medium" from the context of the instant application. 
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Claim Rejections - 35 USC § 101 

4. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

5. Claim 27 is rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. The claim is directed to an article of 
manufacture comprising a machine-readable medium containing one or more programs; 
this qualifies as software [descriptive material] perse, and is not recognized as statutory 
subject matter under current Office practice: In re Warmerdam, 33 F.3d at 1360, 31 
USPQ2d at 1759. Furthermore, as the article of manufacture does not appear to be 
defined as any type computer or machine capable of executing the claimed program 
(see the instant specification, page 21 , lines 12-24), thus the claimed subject matter 
lacks any requisite functionality to satisfy the practical application requirement, again 
making the claim non-statutory: Diamond v. Diehr, 450 U.S. at 185-186, 209 USPQ at 8 
(noting that the claims for an algorithm in Benson were unpatentable as abstract ideas 
because "[t]he sole practical application of the algorithm was in connection with the 
programming of a general purpose computer.") See also MPEP § 2106.01. 
Furthermore, the claim encompasses intangible embodiments that are non-statutory as 
discussed above, which do not qualify as "articles of manufacture" or any of the other 
statutory classes of invention. Appropriate correction is required. 
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Claim Rejections - 35 USC § 102 

6. Claims 1-3, 7, 9, 12-22, 25, and 27 are rejected under 35 U.S.C. 102(b) based 
upon a public use or sale of the invention. The "P-Synch Installation and Configuration 
Guide" attests to the existence of a software product called P-Synch version 6.2, 
describing its functionality as it was known to exist on or around May 2002. 

Regarding claims 1, 21, and 27: 

P-Synch discloses a method, apparatus, and article of manufacture for 
evaluating a password proposed by a user during an enrollment process (page 21 , "5;3 
Accounts on target systems") comprising: receiving said proposed password from said 
user (page 4, "3. Users select a new password..."); and ensuring said user cannot be 
correlated with said proposed password based on one or more predefined correlation 
rules (page 4, "4. P-Synch checks the new password..."; cf. pages 124-126, but 
particularly those rules on page 126 as indicated). With respect to claim 21 , P-synch is 
installed on a server (page 28, "1. Prepare a P-Synch server..."), which inherently 
possesses memory and a processor coupled to said memory. 

Regarding claims 2, 3, and 22: 

P-Synch further discloses wherein said one or more predefined correlation rules 
evaluate whether that said proposed password can be [qualitatively: the password is the 
username; quantitatively: the password is similar to the username] correlated with said 
user (page 126, as indicated). 
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Regarding claims 7 and 25: 

P-Synch further discloses wherein said proposed password is an identifying 
number (e.g. PIN number, e.g. page 6, "2.2.2 Authentication Systems"). 

Regarding claim 9: 

P-Synch further discloses wherein said one or more pre-defined correlation rules 
evaluate whether said identifying number is a top N most commonly used identifying 
number (in the embodiment where the password is a PIN, the password history rules on 
pages 126 and 127). 

Regarding claims 12-14: 

P-Synch further discloses wherein said identifying number is a portion of a 
telephone number, address, or social security number (pages 83 and 200). 

Regarding claim 15: 

P-Synch further discloses wherein said proposed password is a word (page 125, 
the dictionary rules). 

Regarding claim 16: 

P-Synch further discloses wherein said one or more predefined correlation rules 
evaluate whether a correlation between said word and said user exceeds a predefined 
threshold (e.g. the last two rules on page 125). 
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Regarding claim 17: 

P-Synch further discloses wherein said correlation is determined by performing a 
meta-search (searching in accordance with rules found in one or more external plug-ins 
and/or the password history table, page 126). 

Regarding claim 18: 

P-Synch further discloses wherein said step of ensuring a correlation further 
comprises the step of performing a meta-search (Ibid). 

Regarding claim 19: 

P-Synch further discloses wherein said step of ensuring a correlation further 
comprises the step of performing a local proximity evaluation (e.g. the last two rules on 
page 125, and the variants of the username on page 126). 

Regarding claim 20: 

P-Synch further discloses wherein said step of ensuring a correlation further 
comprises the step of performing a number classification (the digits rules: page 125). 
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7. Claims 1 , 21 , and 27 are additionally rejected under 35 U.S.C. 102(b) as being 
anticipated by the American Mathematical Society "Creating a New Account" web page 
(hereinafter, "AMS"). 

Regarding claims 1,21, and 27: 

AMS discloses a method, apparatus, and article of manufacture for evaluating a 
password proposed by a user during an enrollment process, comprising: receiving said 
proposed password from said user (page 1 , last bulletpoint); and ensuring said user 
cannot be correlated with said proposed password based on one or more predefined 
correlation rules (page 2, "Don't use personal information such as your name, birthday, 
anniversary etc."). With respect to claim 21 , the fact that the enrollment process is a 
computer program run from a web server (page 1 , "New User Signup" and "Steps to 
follow", 1^* bulletpoint) implies a computer inherently possessing memory and a 
processor coupled to said memory for implementing said program. 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which fomis the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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9. Claims 4-6, 8. 10, 1 1 , 23, 24, and 26 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over the P-Synch version 6.2 software product of May 2002 (as 
evidenced by the P-Synch Installation and Configuration Guide) as applied to claims 1, 
7, 21, and 25 above, and further in view of "Choosing a Good Password" (hereinafter, 
"Netscape"). 

Regarding claims 4, 6, 23, and 24: 

P-Synch comprises all the limitations of claims 1 and 21 above. P-Synch further 
discloses wherein said proposed password is comprised of a proposed answer and a 
proposed hint (the user Q&A profiles on pages 83 and 199-200; cf.). Although P-Synch 
has many rules by which one can correlate a proposed password to known weak 
passwords, P-Synch does not explicitly disclose determining whether the proposed 
answer can be correlated to/obtained from the proposed hint (i.e. the proposed 
password should not be similar to any of the personal information used in establishing 
one's personal profile - see also page 6, "2.2.2 Authentication System"). However, P- 
Synch discloses that one can augment the rules by which it determines the strength of 
proposed passwords (via external plug-ins, page 126; cf. sections 10.19.1 and 10 19.2 
on pages 127-128) developed using techniques that one of ordinary skill in the art would 
have known (pages 576-584), said plug-ins allowing P-Synch to query additional 
sources for password strength rules (Ibid). Furthermore, Netscape teaches that it was 
common knowledge that various kinds of information already retained by P-Synch for a 
user's personal profile (the hints and answers), makes for very weak passwords (page 
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1 , "Don't Use"). It would have been obvious to one of ordinary skill in the art at the time 
the invention was made to develop a plug-in for P-Synch, in accordance with the 
techniques explicitly disclosed for that exact purpose, that would have allowed It to 
query the user's personal profile to see if the proposed answer correlates to [e.g. is an 
anagram of], or can be obtained from [e.g. is an exact match for], the password hint. All 
the claimed elements were known in the prior art and one skilled in the art could have 
combined the elements as claimed by the disclosed methods, and the combination 
would have yielded predictable results to one of ordinary skill in the art at the time of the 
instant invention. 

Regarding claim 5: 

P-Synch further discloses wherein said particular relation is selected from the 
group consisting essentially of self, family member, co-author, teammate, colleague, 
neighbor, community member, or household member (pages 83, 199, & 200). 

Regarding claims 8, 10, 1 1 and 26: 

Although P-Synch discloses wherein said proposed password is an identifying 
number, it does not explicitly disclose rules to determine if the identifying number meets 
any of the following criteria: whether said identifying number identfies a person in a 
particular relationship to said user [claims 8 and 26], identifies a top N commercial entity 
[claim 10], or identifies said user [claim 1 1]. However, P-Synch maintains a database 
with each of those pieces of information: a number that Identifies a person in a particular 
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relationship to said user ("Family member phone number that is not your own", pages 
83 and 200), a top commercial entity (radio station dial number, Ibid), and the user 
("Your SSN", Ibid). P-Synch further discloses that one can augment the rules by which 
it determines the strength of proposed passwords (via external plug-ins, page 126; cf. 
sections 10.19.1 and 10.19.2 on pages 127-128) developed using techniques that one 
of ordinary skill in the art would have known (pages 576-584), said plug-ins allowing P- 
Synch to query additional sources for password strength rules (Ibid). Furthermore, 
Netscape teaches that it was common knowledge that each piece of personal 
information known to be recorded by P-Synch makes for a very weak password (page 
1 , "Don't Use"). It would have been obvious to one of ordinary skill in the art at the time 
the invention was made to develop a plug-in for P-Synch, in accordance with the 
techniques explicitly disclosed for that exact purpose, that would have allowed it to 
query the user's personal profile to evaluate whether the identifying number meets any 
of the recited criteria in these claims. All the claimed elements were known in the prior 
art and one skilled in the art could have combined the elements as claimed by the 
known methods, and the combination would have yielded predictable results to one of 
ordinary skill in the art at the time of the instant invention. 



' For purposes of the rejection of claim 10, it is assumed that N=1. 
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Conclusion 

1 0. Applicant's amendment necessitated tlie new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tom Gyorfi whose telephone number is, (571) 272-3849. 
The examiner can normally be reached on 8:30am - 5:00pm Monday - Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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